This application claims the priority of German Application No. 101 38 703.2, filed Aug. 7, 2001, the disclosure of which is expressly incorporated by reference herein.
The invention relates to a method for the tamper-proof storage of the odometer reading in a vehicle.
The tamper-proof storage of a distance covered by a vehicle is very important. Recently, insurance companies have attempted to make their premiums for vehicles dependent on the distance which they travel annually. In addition, the odometer reading is a decisive factor in determining the price when a secondhand car is bought or sold.
U.S. Pat. No. 4,710,888 discloses a method for measuring, displaying and storing the distance covered by a vehicle, in which the accumulated and updated odometer reading data is stored in a nonvolatile memory. An essential feature of the method is the optimized addressing for the storage of the accumulated odometer reading data in the nonvolatile memory in order to avoid unnecessary writing/deletion access operations to the nonvolatile memory. In addition, the method which is used when writing to the nonvolatile memory permits checking for faults to be carried out by setting and comparing an additional parity bit for each stored data value.
U.S. Pat. No. 4,803,707 discloses a circuit for digitally storing odometer reading data, which is intended to increase the service life of the nonvolatile memory. Here, the significant digital value of an odometer reading is set as an address pointer for the nonvolatile memory in which the non-significant digital value of the odometer reading is then stored. In addition, electronic tampering with odometer reading data is prevented in that, during writing, an additional flag is set which cannot be deleted and is additionally checked.
German Patent No. DE 19821696 discloses a method and a device for the tamper-proof storage of odometer reading data of a vehicle. Here, the data which is determined by a counting unit is transmitted in encrypted form to a receiver unit. In the receiver unit the data is encrypted and stored.
Japanese Patent No. 06241825 A discloses an electronic odometer in which the respective reading is stored in a non-volatile memory and also in a processor part and a display part. In order to prevent misuse, when the non-volatile memory is tampered with at the start of the process part the odometer reading information contained there is written back into the non-volatile memory.
The object of the present invention is to make available an alternative method for the tamper-proof storage of odometer reading data. Here in particular the protection against errors during the transmission of the odometer data is improved.
The object is achieved according to the invention by storing the current odometer reading data of at least one further control unit on the data bus in a memory. The control units transmit the odometer reading data, which is stored at a particular time, onto the data bus at specific time intervals. A control unit accepts the odometer reading transmitted onto the data bus only if the reading is higher in value than its stored value. This value is used by the control unit for the further counting and storage.
The redundant storage of the odometer reading data in the further control units enhances the protection against tampering. Possible tampering would then have to be carried out not only in the first control unit but also in the further control units.
As tampering with the odometer reading data generally has the objective of reducing the odometer reading data, the method ensures that the odometer reading, having the highest value transmitted on the data bus, is always stored by the storage means of the control units. In this way, when tampering which occurs with the odometer reading data at one of the control units, this tampering is prevented from being spread to the other control units.
In addition, when a control unit is changed it is not necessary to reset the odometer reading. The correct value is automatically accepted by the new control unit when this method is applied.
In a further development of the method according to the invention, before the acceptance of the odometer reading data, the odometer reading data transmitted on the data bus is checked for errors by a control unit. This step is necessary, as there are a large number of error sources. For example, as a result of the incorrect behaviour of a controller or as a result of a software error or hardware fault in a control unit, incorrect data can get onto the data bus which could be interpreted as odometer reading data. This would lead to a situation in which a single error on the data bus system would xe2x80x9cagexe2x80x9d the means of transport by a random number of miles or kilometers. In addition, the odometer reading data on the data bus could also be tampered with intentionally because, of course, the data format of the data to be transmitted is known.
The acceptance of a relatively high odometer reading by a control unit is highly significant as this value is used for the further counting. Owing to the possible errors which can occur, it is necessary to ensure that only correct odometer reading data is accepted by the control units. This is achieved by checking the odometer reading data before acceptance by the control unit.
There are various ways of advantageously configuring and developing the teaching of the present invention. In this respect, reference is made, on the one hand, to the subordinate claims and, on the other, to the following explanation of an embodiment.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of the invention when considered in conjunction with the accompanying drawings.